Heartbleed Still Bleeding

Technically, the Heartbleed flaw is identified as CVE-2014-0160 and called "TLS heartbeat read overrun." It is found within the open-source OpenSSL cryptographic library, which provides Secure Sockets Layer (SSL) encryption capabilities for data in transit. The OpenSSL project first released its own patch for the Heartbleed flaw on April 7, but that hasn't meant that everyone in the world has actually updated.

OpenSSL is widely deployed in servers and embedded devices including Android phones. To actually protect users from Heartbleed, there are multiple steps that need to be taken. For both servers and end-user devices, an updated OpenSSL package needs to be installed. On the server side, SSL certificates need to be regenerated and end users need to reset their passwords.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.